- Issue created by @jenlampton
- 🇺🇸United States jenlampton
There are currently no owners or maintainers listed on the project page to contact about this request directly, so I an unable to proceed with steps 2, 3, 4, or 5 listed on the How to become project owner, maintainer, or co-maintainer" page → .
As such, I am moving straight to step 6, and transferring this issue to the Drupal.org project ownership queue.
Here is a link to the module in question (but I will also add this to the issue summary in a moment).
https://www.drupal.org/project/link_click_count →I have read and reviewed the instructions on Becoming primary maintainer of a project that is unsupported for security reasons → but even though the Security Advisory announcing the project as unsupported → was published in 2017, I am unable to locate any public details about the vulnerability. This prevents me from completing steps 2, 3, 4, and 5 on that page.
So I hope transferring this issue the Drupal.org project ownership queue is the correct next step?
(If someone would like to explain the intended procedure for taking over these types of projects, I would be happy to help update the current documentation pages)
- Status changed to Needs review
about 2 years ago 2:03am 8 April 2023 - 🇺🇸United States jenlampton
Here is my first pass at a patch that adds some basic sanitization in places where it seemed problematic, but I'll need to more than basic testing to ensure everything still functions as expected:
https://www.drupal.org/project/link_click_count/issues/3353002 📌 Security Hardening + English Clean-Up Active
- Status changed to Active
about 2 years ago 8:23am 8 April 2023 - 🇮🇹Italy apaderno Brescia, 🇮🇹
These offers needs to be posted on the project issue queue. They are moved on the Drupal.org project ownership queue after 14 days, if the project owner or one of the maintainer has not replied.
- 🇮🇹Italy apaderno Brescia, 🇮🇹
Furthermore, since the project contains security issues, site moderators will not add new maintainers. That needs to be handled in concert with the Security Team.
- 🇺🇸United States jenlampton
> These offers needs to be posted on the project issue queue. They are moved on the Drupal.org project ownership queue after 14 days, if the project owner or one of the maintainer has not replied.
@apaderno There is no owner or maintainer for this project, as stated in the original issue. What is the point of waiting 14 days for nobody to respond?
> File an issue in the queue with a patch to fix the module and then contact the security team to have your version reviewed and the project handed over to you
I have done all of this already. I don't know what the next steps are if this issue is not what I'm supposed to do.
- 🇺🇸United States greggles Denver, Colorado, USA
Yes, I think the 14 days idea can be skipped for cases of unmaintained projects.
@jenlampton - your email to the team in addition to this issue was the right thing to do and you should have access to the private issue so you can work on that. If you didn't get a notification email for that, log in and check https://security.drupal.org/project/issues?status=All and you should see it :)
- 🇨🇦Canada WiredEscape
Hello Jen,
Any progress on you taking ownership of this module? - 🇺🇸United States greggles Denver, Colorado, USA
Take a look at https://www.drupal.org/project/link_click_count/issues/3353002 📌 Security Hardening + English Clean-Up Active